shuck.sh

Shuck hash before trying to crack it

Generator

For a better understanding of DES-based challenge-response cryptographic algorithms, Shuck.sh provides a challenge generator that starts from a known secret. Enter a credential (password or NT-hash) in the form and observe the results in real time below.


Note:
This generator lets you build valid authentication tokens in the various formats detailed in the table below. Starting from a plaintext password, or directly from its NT-hash, you can customize the client-side challenge (default: 1122334455667788), as well as the server-side challenge by activating ESS/SSP (Extended Session Security / Security Support Provider).
The results are generated on the fly and can be tested directly on the hash shucking module.

Explanation:
To produce a network authentication token following the NTLM protocol (NetNTLMv1(-ESS/SSP), MSCHAPv2, PPTP-VPN, etc. formats), several elements are necessary.
Such a token is not actually a hash, although it is often called one. These tokens are formed from two main elements:

  • A secret which serves as a key (more precisely 3 DES-ECB keys), which is the NT-hash of the identity (and not its plaintext password);
  • A challenge, which adds randomness, and which is encrypted with each of the 3 keys.
The principle of the algorithm is therefore:

  1. From the NT-hash of the identity (which corresponds to the MD4 of the plaintext password after conversion to UTF-16 Little-Endian), the hash is divided into 3 parts named PT1 (7 bytes), PT2 (7 bytes) and PT3 (2 bytes);

  2. A bit-level transformation is applied to each of these 3 parts to derive 3 keys, K1, K2 and K3, of 8 bytes each (7 key bits per byte plus one parity bit). Note that deriving K3 (8 bytes) from PT3 (only 2 bytes of secret material, the remaining 5 input bytes being zero padding) yields a key deemed weak:
    // Expand a 7-byte block (PT1, PT2, or PT3 zero-padded to 7 bytes) into an 8-byte DES key:
    // each output byte carries 7 key bits, and its low (parity) bit is forced to 1.
    function derive_des_key(arrayin) {
      var arrayout = [];
      arrayout.push((arrayin[0] & 0xfe) | 1);
      arrayout.push(((arrayin[0] << 7) & 0x80) | ((arrayin[1] >> 1) & 0x7e) | 1);
      arrayout.push(((arrayin[1] << 6) & 0xc0) | ((arrayin[2] >> 2) & 0x3e) | 1);
      arrayout.push(((arrayin[2] << 5) & 0xe0) | ((arrayin[3] >> 3) & 0x1e) | 1);
      arrayout.push(((arrayin[3] << 4) & 0xf0) | ((arrayin[4] >> 4) & 0x0e) | 1);
      arrayout.push(((arrayin[4] << 3) & 0xf8) | ((arrayin[5] >> 5) & 0x06) | 1);
      arrayout.push(((arrayin[5] << 2) & 0xfc) | ((arrayin[6] >> 6) & 0x02) | 1);
      arrayout.push(((arrayin[6] << 1) & 0xfe) | 1);
      return arrayout;
    }

  3. At the same time, a random value called the "challenge" is produced:
    • This random number is generated on the client side (8 bytes), so its value is known and can be predefined (1122334455667788);
    • To reinforce overall security, ESS/SSP (Extended Session Security / Security Support Provider) can be used: a random value generated on the server side (8 bytes), over which an attacker has no control, is placed in the LM-response with 0 padding.
    • The final challenge actually used for token generation is therefore either the client-side challenge in the absence of ESS/SSP, or the first 8 bytes of the MD5 hash of the concatenation of the client challenge and the server challenge in the presence of ESS/SSP.
    • So if an LM-response consists of 8 bytes followed by zero padding, ESS/SSP is in use; otherwise it is not, and the LM-response is not used.
  4. From K1, K2, K3 and the final challenge, the DES-ECB symmetric encryption algorithm is applied to produce 3 ciphertexts CT1, CT2 and CT3 of 8 bytes each.
    DES-ECB(K1, FinalChallenge) === CT1
    DES-ECB(K2, FinalChallenge) === CT2
    DES-ECB(K3, FinalChallenge) === CT3
  5. The concatenation of these 3 ciphertexts, CT1, CT2 and CT3 forms the NT-response which is included directly in the final tokens.

Compatibility & Formats:
The output results come in various formats, summarized in the following table together with their compatibility with each tool.

Token format: login::domain:lmresp:ntresp:clientChall
  Pattern: *::*:[a-fA-F\d]{48}:[a-fA-F\d]{48}:[a-fA-F\d]{16}
  Prefix: N/A / Delimiter: ":" / Hex / Optional login, domain, lmresp
  Type: NetNTLMv1-noESS/SSP
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: Incompatible format / requires conversion
  HashCat: Yes, mode 5500 / 27000 or 14000
  Description: NET(NT)LM hashes captured with a random challenge without ESS/SSP.

Token format: login::domain:lmresp(serverChall+0padding):ntresp:clientChall
  Pattern: *::*:[a-fA-F\d]{16}[0]{32}:[a-fA-F\d]{48}:[a-fA-F\d]{16}
  Prefix: N/A / Delimiter: ":" / Hex / Optional login, domain
  Type: NetNTLMv1-ESS/SSP
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: Incompatible format / requires conversion
  HashCat: Yes, mode 5500 / 27000 or 14000
  Description: NET(NT)LM hashes captured with a random challenge with ESS/SSP (server challenge in LMresp with 0's padding).

Token format: (LM|NT)HASH:ntresp
  Pattern: (LM|NT)HASH:[a-fA-F\d]{48}
  Prefix: (LM|NT)HASH / Delimiter: ":" / Hex
  Type: NET(NT)LM
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: FREE / $20-$200
  HashCat: Incompatible format / requires conversion
  Description: NET(NT)LM with the 1122334455667788 challenge without ESS/SSP.

Token format: $NET(NT)?LM$challenge$ntresp
  Pattern: $NET(NT)?LM$[a-fA-F\d]{16}$[a-fA-F\d]{48}
  Prefix: $NET(NT)?LM$ / Delimiter: "$" / Hex
  Type: NET(NT)LM
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: $20-$200
  HashCat: Incompatible format / requires conversion
  Description: NET(NT)LM hashes captured with a random challenge.

Token format: $99$b64encode(hex2bin(challenge+{ntresp=CT1+CT2+PT3}))
  Pattern: $99$[a-zA-Z\d\+/]{35}=
  Prefix: $99$ / Delimiter: "$" / Base64
  Type: ChapCrack
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: $20-$200
  HashCat: Incompatible format / requires conversion
  Description: PPTP VPN and WPA-Enterprise MSCHAPv2 authentication captures.

Token format: $MSCHAPv2$challenge$ntresp$(login)?
  Pattern: $MSCHAPv2$[a-fA-F\d]{16}$[a-fA-F\d]{48}$*
  Prefix: $MSCHAPv2$ / Delimiter: "$" / Hex / Optional username
  Type: MSCHAPv2
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: Incompatible format / requires conversion
  HashCat: Incompatible format / requires conversion
  Description: PPTP VPN and WPA-Enterprise MSCHAPv2 authentication captures.

How to convert formats?
To convert an authentication token from one format to another, simply submit it freely to the Hash-Shucking module, or use the Converter to follow the algorithm's dissection step by step.

RECENT NEWS

Shuck.sh is alive, and ShuckNT is released on GitHub!

The hash shucker dedicated to the NetNTLMv1 (with or without ESS/SSP), PPTP VPN and WPA-Enterprise MSCHAPv2 algorithms has been available online, as well as on-premise on GitHub, since the beginning of 2023!


The Crack.sh online service was unavailable for several weeks/months at the end of 2022

For several weeks / months during the last quarter of 2022, the services of the Crack.sh online platform were unavailable / under maintenance. The platform has been fully functional again since the beginning of 2023!


Pwned Passwords list version 8 released by HIBP!

Pwned Passwords are hundreds of millions of real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts. Version 8 was released by Troy Hunt in December 2021 and contains 847,223,402 leaks.

What the Shuck? Layered Hash Shucking

Talk by Sam Croley (Chik3nman) at DEF CON's Password Village on August 8, 2020 on the concept of "What the Shuck? Layered Hash Shucking".


Contact

Feel free to report any comments, bugs or ideas for improvement regarding Shuck.sh or ShuckNT via GitHub or by contacting me directly.

100% Success Not Guaranteed
Shuck.sh cannot guarantee 100% results, unlike Crack.sh, which guarantees that it will produce a working key for every submitted job. The processing carried out by Shuck.sh relies on the databases provided by HaveIBeenPwned, and therefore depends on the data leaks recorded in these databases at a given time. Shuck.sh aims to shorten the time needed to obtain an NT-hash from a DES-based authentication token, without claiming to be exhaustive. For completeness, it is recommended to turn to the excellent Crack.sh service.

Disclaimer
Any actions and/or activities related to the material contained within this Website are solely your responsibility. The misuse of the information on this website can result in criminal charges brought against the persons in question. The authors and Shuck.sh will not be held responsible in the event that any criminal charges are brought against any individuals misusing the information on this website to break the law.
This site contains materials that can potentially be misused. If you do not fully understand something on this site, then GO OUT OF HERE! Refer to the laws in your province/country before accessing, using, or in any other way utilizing these materials. These materials are for educational and research purposes only. Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW! Neither the administration of this server, the authors of this material, nor anyone else affiliated in any way is going to accept responsibility for your actions.

© Copyright 2023+ ycam | shuck.sh is a free service developed and maintained by Yann CAM, Independent CyberSecurity Consultant, and is provided for research purposes only.